Recently, I encountered an issue while working on a project that involved onboarding on-premises Syslog data sources to Azure Sentinel through a Log Analytics Workspace. The process was designed to use an on-premises data collector server via a private endpoint and Azure Monitor Private Link Service (AMPLS). Despite having proper planning and configuration, I ran into […]
Category: Microsoft Sentinel
Deploying MS Sentinel Analytic Rules using Terraform
For a simple Alert Rule, the Terraform code is fairly direct and easy to understand. The documentation provides clear guidance, making it easier to implement such rules with minimal effort. However, if your goal is to deploy more sophisticated Alert Rules that go beyond the basics—especially if you want to replicate the functionality provided in […]
Are your AAD logs becoming too expensive in Sentinel?
Are your AAD logs becoming too expensive in Sentinel? I have an idea about why this happens. These logs seem to be mainly designed for reporting purposes, and optimal sizing might not have been a key focus. In my experience, these logs can grow rapidly and become quite costly to maintain in Sentinel. The two […]
How to deploy Azure Sentinel
Before coming to the actual deployment, there are a few prerequisites you need to take care of. Enable Azure Sentinel: sign in to the portal, then search for and select Azure Sentinel. Choose an existing workspace or create a new one. You can run Sentinel on multiple workspaces, but the data is only stored in one of them. […]
Azure Sentinel: Know The Best Practices
Azure Sentinel: Best Practices for Enhanced Security. Azure Sentinel, Microsoft’s cloud-native Security Information and Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution, enables organisations to proactively defend against threats. In this blog, we’ll explore key best practices for implementing Azure Sentinel to unlock its full potential and enhance your organisation’s security posture. 1. […]
Why Does an Organization Need Azure Sentinel?
Azure Sentinel is a critical component of an organisation’s cybersecurity strategy. By leveraging its advanced threat detection and response capabilities, comprehensive visibility, cost-effectiveness, and simplified management, organisations can enhance their security posture and effectively combat the evolving threat landscape. Embrace the power of Azure Sentinel to safeguard your organisation’s critical assets and stay one step […]